From 0145b10869f05735d80d429d59addd46a801af5d Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Fri, 24 Jan 2014 20:39:03 +0100 Subject: Improve the description of preseeding options. --- include/partition.sh | 21 ++++-- preseed.cfg | 110 ++++++++++++++++++++++-------- src/fripost-partman-udeb/debian/templates | 8 +-- 3 files changed, 98 insertions(+), 41 deletions(-) diff --git a/include/partition.sh b/include/partition.sh index d487b02..eed6db9 100755 --- a/include/partition.sh +++ b/include/partition.sh @@ -16,14 +16,21 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . +# On most installations it should be enough to change what is marked as +# 'FIXME'. + set -ue . /lib/fripost-partman/base.sh -#device=/dev/sda -device='/dev/sda /dev/sdb' # space-separated form mutiple disks (raid) -raidLevel=raid1 # raid level (leave empty for no raid) -raidNumActiveDevices=2 # number of active devices in the array +# Configuration for a single disk +device=/dev/sda +raidLevel= + +# Configuration for a RAID array +#device='/dev/sda /dev/sdb' # FIXME +#raidLevel=raid1 # raid level FIXME +#raidNumActiveDevices=2 # number of active devices in the array FIXME n=0 @@ -147,9 +154,9 @@ vg=$(hostname) pvcreate -ff -y $part_system vgcreate $vg $part_system -lvcreate -L 5G -n root $vg -lvcreate -L 1G -n swap $vg -lvcreate -l 100%FREE -n home $vg +lvcreate -L 5G -n root $vg # FIXME +lvcreate -L 1G -n swap $vg # FIXME +lvcreate -l 100%FREE -n home $vg # FIXME vgchange -ay $vg diff --git a/preseed.cfg b/preseed.cfg index be99a2e..6428063 100644 --- a/preseed.cfg +++ b/preseed.cfg @@ -1,6 +1,6 @@ # Preseed file # -# Copyright © 2013 Guilhem Moulin +# Copyright © 2013,2014 Guilhem Moulin # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by 
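Review bot: The new active default `device=/dev/sda` in the first partition.sh hunk carries no `FIXME` marker, although the header added just above says that changing what is marked 'FIXME' should be enough on most installations. The later hunk shows this script running `pvcreate -ff -y`, presumably on a partition of that device, so an operator who edits only the marked lines would let the installer overwrite whichever disk is enumerated as /dev/sda. I would mark the single-disk block too, e.g. `device=/dev/sda # FIXME: target disk, its contents are destroyed`. Separately, `raidNumActiveDevices` is now unset by default while `set -ue` is in effect. The code that reads it lies outside this hunk, so please confirm it is only expanded when `raidLevel` is non-empty, or keep `raidNumActiveDevices=` in the single-disk block.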
@@ -15,32 +15,64 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# Locales -d-i debian-installer/locale string en_US.UTF-8 -d-i localechooser/supported-locales multiselect sv_SE.UTF-8 -d-i keymap skip-config -# Debian archive mirror hostname (installer only): -d-i mirror/http/hostname string ftp.se.debian.org +################################################################################ +# Fripost specific options -# Assume the clock is UTC. Always use NTP. -d-i clock-setup/utc boolean true -d-i clock-setup/ntp boolean true -d-i clock-setup/ntp-server string 0.se.pool.ntp.org -d-i time/zone string Europe/Stockholm +# Which script should be used for partitioning? The path should be absolute, +# and the script must be executable. (This is mandatory) +d-i fripost/partition-script string /cdrom/include/partition.sh + +# Which kind of data fill the disk with before encryption? 'none' means disks +# will NOT be wiped, otherwise use /dev/{zero,urandom,random} as the source +# data to fill disks with. Beware that the later two may drain the entropy +# pool of the system! (Default: zero) +#d-i fripost/wipe-device string zero + +# Should the system disk be fully encrypted? (Excluding /boot.) (Default: true) +#d-i fripost/encrypt boolean true + +# Password for full-disk encryption? If left empty (recommended, and the +# default), a SSH daemon will be fired up and the automatic install will be +# interupted, waiting for the user to dump the password on the standard input. +#d-i fripost/encryption-password string + +# Listening [address:]port for dropbear? If port is a range (e.g., 1024-65535), +# a random port in that range is chosen. Leaving the question empty is +# equivalent to specifying the range of registered port 1024-49151. This is only +# used for remote (SSH) unlocking of encrypted disks. (Default: 22) +#d-i fripost/initrd-ssh-port string 22 + +# Use the same key for dropbear and OpenSSH? 
If False, generate a dedicated key +# for dropbear. (Default: false) +#d-i fripost/dropbear-use-openssh-key boolean false + +# Install and activate (in enforcing mode) SELinux? Note that activating +# SELinux requires a dummy reboot to label all files. So if you have full-disk +# encryption, you'll have to send the password twice to dropbear. (Default: true) +#d-i fripost/activate-selinux boolean true + +# Keep /media and its kids' entries in the fstab? /media (and its related +# entries in the fstab) can safely be removed on a headless server. (Default: +# false) +#d-i fripost/keep-media-directory boolean false + +# Display the final notice before rebooting? It's good to show SSH +# fingerprints, because it defeats MiTM-attacks. (Default: true) +#d-i fripost/final-notice boolean true + + +################################################################################ +# Network. You probably want to change the host and domain names. -# Network d-i netcfg/choose_interface select auto -d-i netcfg/hostname string eilift -d-i netcfg/get_domain string guilhem.org -#d-i netcfg/disable_autoconfig boolean true -#d-i netcfg/get_ipaddress string 192.168.10.100 -#d-i netcfg/get_netmask string 255.255.255.0 -#d-i netcfg/get_gateway string 192.168.10.2 -#d-i netcfg/get_nameservers string 192.168.10.1 -#d-i netcfg/confirm_static boolean true - -# Users +d-i netcfg/hostname string mistral +d-i netcfg/get_domain string fripost.org + + +################################################################################ +# Users. You probably want to change the user name and password. + adduser adduser/homedir-permission boolean false d-i passwd/root-login boolean false d-i passwd/shadow boolean true 
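Review bot: The comment added for `fripost/encryption-password` recommends leaving the value empty but does not say why. A passphrase set there sits in clear text in preseed.cfg on the install medium; it may also end up in the installer's debconf database, which this diff does not show. I would add `# A value set here is stored in clear text in this file; prefer the SSH prompt.` The `fripost/final-notice` comment says showing SSH fingerprints "defeats MiTM-attacks", which holds only if the operator compares them over a trusted channel, so `# Shows the SSH fingerprints so the host keys can be verified out of band on first connection.` would be more accurate. The `fripost/dropbear-use-openssh-key` comment could also give the reason for its default: the dropbear key presumably lives in the initrd on the unencrypted /boot, so sharing the OpenSSH host key would expose it there.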
@@ -50,10 +82,32 @@ d-i passwd/username string guilhem d-i passwd/user-password-crypted password $6$QjLeZdW1O$9VymVDc5q6NctEylAqObvmP4S7FXk1ckCPaHua0JaiFSaTeTKoWxaP7bQoUWvzCPDY23Xqthg87QDBbaCY9BP0 d-i passwd/user-default-groups string ssh -locales/default_environment_locale string en_US.UTF-8 -locales/locales_to_be_generated string en_US.UTF-8 UTF-8, sv_SE.UTF-8 UTF-8 -# System +################################################################################ +# Locales + +d-i debian-installer/locale string en_US.UTF-8 +d-i localechooser/supported-locales multiselect sv_SE.UTF-8 +d-i keymap skip-config + +locales locales/default_environment_locale string en_US.UTF-8 +locales locales/locales_to_be_generated string en_US.UTF-8 UTF-8, sv_SE.UTF-8 UTF-8 + + +################################################################################ +# Assume the clock is UTC. Always use NTP. + +d-i clock-setup/utc boolean true +d-i clock-setup/ntp boolean true +d-i clock-setup/ntp-server string 0.se.pool.ntp.org +d-i time/zone string Europe/Stockholm + +################################################################################ +# dpkg/APT (install minimal system) + +# Debian archive mirror hostname (installer only): +d-i mirror/http/hostname string ftp.se.debian.org + popularity-contest popularity-contest/participate boolean true d-i base-installer/kernel/image string linux-image-amd64 d-i base-installer/kernel/linux/initramfs-generators string initramfs-tools @@ -67,7 +121,3 @@ d-i pkgsel/upgrade select safe-upgrade d-i preseed/early_command string anna-install fripost-partman fripost-postinst d-i preseed/late_command string /bin/in-target /usr/bin/update-alternatives --set editor /usr/bin/vim.nox -d-i fripost/partition-script string /cdrom/include/partition.sh - -d-i fripost/wipe-device string none -d-i fripost/initrd-ssh-port string 2222 diff --git a/src/fripost-partman-udeb/debian/templates b/src/fripost-partman-udeb/debian/templates index 3f94e14..20bf4d9 100644 
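Review bot: The `passwd/user-password-crypted` line kept as context at the top of the `@@ -50,10 +82,32 @@` hunk publishes a `$6$` crypt hash for the user `guilhem`, while the new "Users" heading only says you "probably" want to change the name and password. A system installed from this file unchanged gets a login account whose password hash is public, and `passwd/user-default-groups` puts that account in the `ssh` group. I would make the replacement mandatory and mark it the way partition.sh now marks its settings, e.g. `# FIXME: replace the user name and the crypted password below before installing.` Shipping a placeholder instead of a real hash would remove the risk entirely, if the installer tolerates that.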
--- a/src/fripost-partman-udeb/debian/templates +++ b/src/fripost-partman-udeb/debian/templates @@ -28,7 +28,7 @@ Type: select Default: zero Choices: none, zero, urandom, random Description: Which kind of data fill the disk with before encryption? - 'none' means disks will NOT wiped, otherwise use + 'none' means disks will NOT be wiped, otherwise use /dev/{zero,urandom,random} as the source data to fill disks with. Beware that the later two may drain the entropy pool of the system! @@ -49,9 +49,9 @@ Template: fripost/encryption-password Type: password Default: Description: Password for full-disk encryption: - If left empty, a SSH daemon will be fired and the automatic install - will be interupted, waiting for the user to dump the password on the - standard input. + If left empty (recommended), a SSH daemon will be fired up and the + automatic install will be interupted, waiting for the user to dump the + password on the standard input. Template: fripost/ssh-keypair-generation_progress_title Type: text -- cgit v1.2.3